Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Show hint to impersonators that app-tokens cannot be created #34

Open
MaxFlax opened this issue Mar 6, 2018 · 7 comments
Open

Show hint to impersonators that app-tokens cannot be created #34

MaxFlax opened this issue Mar 6, 2018 · 7 comments
Labels
enhancement

Comments

@MaxFlax
Copy link

MaxFlax commented Mar 6, 2018

Running Nextcloud 13

When impersonating a user and trying to create app-token
the token is created but you cant change the username impersonated.

It keeps the impersonators username instead of the user impersonated.
@cuthulino
Copy link

+1
Found same problem.

@blizzz blizzz added the bug label May 7, 2018
@stinch stinch mentioned this issue Jul 23, 2018
Closed
@rullzer
Copy link
Member

rullzer commented Jul 24, 2018

Yeah it won't be possible to create apptokens when impersonating.

To create an apptoken you need the password of the user. But you don't have that when impersonating. Also note that there is no way to obtain it since the password is not stored accesisable in the DB.

@blizzz blizzz mentioned this issue Oct 1, 2018
Closed
@HorlogeSkynet
Copy link

HorlogeSkynet commented Jan 6, 2019
edited
Loading

Hey over here !

It is pretty frustrating to encounter this behavior from the security page itself (and it definitely looks like a bug !).
Should we display a message about this when the administrator lands on the impersonated user's security section, and definitely close this issue ?

Thanks 🙇‍♂️
Bye 👋

EDIT : Ping #10

@blizzz
Copy link
Member

blizzz commented Jan 13, 2021

Should we display a message about this when the administrator lands on the impersonated user's security section, and definitely close this issue ?

Yeah, this would be an improvement. Let me change the topic.

@blizzz blizzz changed the title Problem with creating App-tokens (when impersonating) Show hint to impersonators that app-tokens cannot be created Jan 13, 2021
@blizzz blizzz added enhancement and removed bug labels Jan 13, 2021
@blizzz blizzz mentioned this issue Mar 3, 2021
Closed
@Rick26L
Copy link

Rick26L commented Mar 3, 2021

Hi @blizzz ,

so it would not be possible again to create these App Token/QR Codes as an Admin for a user while impersonate him?
In v19 and before it worked good and was a really good for helping the remote users to get the nextcloud running on an mobile device etc.

@thopico
Copy link

thopico commented Dec 6, 2022

Hi,
not sure if this is the appropriate place to communicate this behavior but it seems related. Tell me if I should open a new issue.

As I didn't know impersonators can't create app token (no field in web UI), I tried through cli.
The function asked for the user impersonated's password, I entered a wrong one but anyway the system generated a valid token (it's been revoked since) :

occ user:add-app-password ***
Enter the user password: 
The password has not been validated, some features might not work as intended.
app password:
XAH4REqp1UIGhwb7BmBdJd9t8JBCY9jXNqRUvGkSX4tNYkZ3r6XhuFEFefLopvZxJvUgzT5i

I checked and it shows up on web UI and can be used.

Is it voluntary ?

ps: I'm running NC 23.0.10

@blizzz
Copy link
Member

blizzz commented Dec 9, 2022

@thopico yes, it is unrelated here, and it is not a bug, but working as expecting, citing »The password has not been validated, some features might not work as intended.«

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@rullzer @blizzz @cuthulino @HorlogeSkynet @Rick26L @MaxFlax @thopico